Security Alerts

All You Need to Know About Spoofing Scams

It's your credit union or bank on the line asking for your account information - or is it? It may actually be a spoofing scam!

Let's take a look at spoofing, how it works and red flags that can alert you to a possible spoofing scam.

What is spoofing?
Spoofing is the criminal act of disguising a communication from an unknown source to appear as if it's being sent from a trusted and known contact. The ultimate goal of spoofing is to get the target to share their sensitive information and/or their money with the scammer. For example, a spoofer may pretend to represent a victim's credit card company and lead them into sharing their account details.

Types of spoofing
Cybercriminals have a variety of ways to pull off their spoofing. Here are the more common forms:

• 1. Email spoofing
  In email spoofing, an attacker sends an email message that appears to be from a known or trusted source. The emails often include links to harmful websites or attachments that will infect the victim's device.
• 2. IP spoofing
  In IP spoofing, an attacker tries to gain access to a system by sending messages via a bogus or spoofed address appearing to be from a recognized, trusted source, such as one on the same internal computer network.
• 3. Caller ID spoofing
  Here, attackers make a phone call to a target that appears to be from a known caller. The scammer will often pose as the victim's credit union or bank. The victim, believing they are speaking with a representative of their financial institution, will not hesitate to disclose their account information and passwords.
• 4. Facial spoofing
  In this most recent form of spoofing, a scammer uses a photo or video of a target's face to simulate their facial biometrics. This enables them to unlock accounts that can only be opened by facial recognition.
• 5. Website spoofing
  In website spoofing, a scammer creates a bogus site that looks just like a reputable site the victim frequents. Attackers lure victims to this site to steal their login credentials and personal info.
• 6. Text-message spoofing
  In this scam, also known as smishing, a victim gets a text message on their personal device that appears to have been sent from a trusted source, such as the victim's financial institution, place of work or doctor's office.

Deepfakes and spoofing
Deepfakes is a relatively new and dangerous tool for spoofers. A deepfake is a fake image, video or audio clip that has been edited to appear authentic. For example, a scammer may create a deepfake video using an image and audio recording of a celebrity to make it appear as if they are telling you to open a link or support a specific cause.

Protect yourself
Spoofing is a formidable danger for consumers across the economic spectrum, but with the right tools and knowledge, you can avoid falling victim to these scams. Here's how to protect yourself from a spoofing attack:

• Turn on your email's spam filter and mark incoming suspicious emails as spam.
• Use two-factor authentication and/or biometric logins when possible.
• Use strong, unique passwords across all of your accounts.Make sure your device's security system is at its strongest setting and uses the most updated patches.
• Never click on links or open attachments from an unverified source.
• Never share personal information online or over the phone with an unknown contact.
• If you're allegedly contacted by your financial institution and asked to provide your login credentials or account details, don't respond. Contact your credit union or bank directly to ask about any possible issues with your account.
• Don't take phone calls at face value, even with caller ID. If you suspect foul play, Google the phone number presented on the caller ID to see if it's associated with scams.
• Identify deepfakes by looking for small details. Zoom into the image or video and verify if the words and lip movements are in sync. Look for lip color that looks unnatural, unrealistic facial hair, exaggeratedly wrinkled or smooth skin and non-existent moles.

Red flags
Look out for these red flags that can alert you to a possible spoofing attack:

• Websites with a URL that's similar to the URL of a reputable site.
• Websites riddled with typos, unusual syntax and spelling errors.
• An alleged rep of your credit union or bank asks you to call a number that's not associated with your financial institution.
• You're asked to share your login credentials or account number with an unverified contact.
• Familiar corporate branding, such as logos, colors and call-to-action buttons in messages requesting you take action that's out of the ordinary.

As a reminder, Market USA will never contact you to ask for your account information. This includes your passwords, credit card numbers, or any other sensitive data that you use to access our website or service. If you receive any suspicious emails, calls, or messages claiming to be from us and requesting such information, please do not respond and report them to us immediately.

AI Fraud and How to Protect Yourself

Artificial intelligence (AI) is revolutionizing the way we live and work. Unfortunately, though, it's also revolutionizing the way scammers play their games. Here's what you need to know about AI fraud and how to protect yourself.

What is AI fraud?
AI fraud is the use of artificial intelligence to deceive or defraud individuals or organizations. When using AI to pull off a scam, fraudsters use algorithms to create convincing fake identities, manipulate social media, generate realistic fake images and videos (AKA "deepfakes") and more.

The scammers then create fake social media profiles and email addresses using these bogus identities and footage. Often, they'll pretend to represent celebrities for soliciting money and information. Similarly, they may create fake websites or emails that appear to be from legitimate sources, such as financial institutions or government agencies, and ask people to provide their personal information or login credentials.'

AI fraud is especially dangerous because its sophistication makes it difficult to detect. Thanks to AI technology, scammers appear to be legitimate, increasing the likelihood that people will fall for their scams.

AI fraud comes in several forms, including:

• Phishing
• ID theft
• Deepfakes
• Fake news
• Social media manipulation
• Chatbot scams
• Fraudulent financial advice

Red flags
Are you being targeted by AI fraud? Look out for these red flags:

• Multiple unsolicited emails and/or text messages
• Asked to provide personal info or login credentials by an unverified contact
• Unusual and/or unexplained activity on your social media accounts
• Receiving financial advice that seems too good to be true

If you notice any of these signs, it's important to investigate. If the contact claims to represent a government agency or financial institution, do not engage. Reach out to the agency that supposedly contacted you to see if the communication is legit.

Protect yourself
Keep your money and information secure by following these precautions at all times:

• Never share sensitive info with an unverified contact.
• Check the URL of each landing page when banking online or using another platform to share sensitive information.
• Use strong, unique passwords across all of your accounts.
• Keep your device's security on its strongest setting.
• Use updated antivirus software on your personal devices.

If you've been targeted If you suspect you've been the victim of AI fraud, act quickly to mitigate damage. First, contact us through our Secure Contact Form or call 301-586-3400 to let us know your information has been compromised. Similarly, reach out to your credit card companies to let them know about the fraud. Next, report the fraud to the FTC so they can take appropriate measures in catching the humans behind the bot-generated scam. You'll also want to change your passwords and consider a credit freeze. Finally, if your identity has been stolen, reach out to identitytheft.gov to learn your next steps.

AI fraud is a growing concern, but there are steps you can take to protect yourself. Follow the tips outlined here and stay safe.

A Reminder to Never Share Online Banking Credentials

At Market USA, your financial security is our top priority. In an era where cyber threats continue to evolve, it is important to remain vigilant and informed about potential risks. Criminals use deceptive tactics to gain unauthorized access to personal information, including sensitive login credentials for your online banking account. By posing as representatives of financial institutions, scammers may try to trick you into revealing this critical information, rendering you vulnerable to identity theft and financial fraud.

The following guidelines can help you identify and avoid falling victim to these scams:

• 1. Be aware of impersonators: Remember, we will never contact you directly via phone or email asking for your online banking username or password. If you receive such a communication, treat it as suspicious and immediately report it to us.
• 2. Practice phone safety: If you receive a call claiming to be from Market USA requesting your online banking credentials, do not disclose any personal information. Instead, hang up and report it to our Member Service Center through our Secure Contact Form or by calling 301-586-3400.
• 3. Beware of phishing emails: Be cautious of emails that seem to come from Market USA and request your online banking credentials. Authentic communications from us will never ask for this information. If you receive such an email, do not click on any links or provide any sensitive information and delete it immediately.
• 4. Choose strong and unique passwords: Create complex passwords that are difficult to guess, and avoid using the same password across multiple platforms. It is recommended to use a combination of uppercase and lowercase letters, numbers, and special characters. Regularly update your passwords as an additional security measure.

Device Advice: How to Keep Your Phone Safe from Fraud

Smartphones are the answer to the disorganized life. You can buy anything with just a few swipes, schedule appointments and store your photos in this one, convenient spot. You can also manage your accounts, check balances and deposit checks through Market USA's mobile app. Unfortunately, all of that convenience comes at a price: Your mobile devices pose an inherent risk to your security if they fall into the wrong hands. Fortunately, there are ways to protect your phone and information.

Here are 6 tips for keeping your device safe and secure.

• 1. Keep your phone locked
  If your entire life is on your phone, you run the risk of giving a thief access to your identity if it's stolen or misplaced. The best way to prevent this from happening is to have a lock on your screen. Opt for a physical lock if possible, such as fingerprint or face recognition. Finally, adjust your phone's lock settings so the screen automatically locks after the shortest amount of idle time.
• 2. Choose strong, unique passwords across all your devices and apps
  Passwords should be a blend of letters with varied capitalization use, numbers and symbols. Use a different password for each device, app and other online accounts. Also, change up your passwords every six months or so. Don't store the info for all your passwords in one location on your phone, or have your device "remember" passwords.
• 3. Browse safely
  
  • Look for the padlock icon and the "s" after the "http" in the URL of each landing page you visit.
  • If an alleged representative of Market USA FCU reaches out regarding an issue with your account and you're unsure if it is legit, contact us directly through a secure channel to confirm your suspicions.
  • Never share your personally identifiable information (PII) with an unknown contact.
  • Don't store your credit card info in online shopping accounts.
  • Keep your security settings current.
  • Avoid clicking on pop-up ads or links in emails from unverified senders.
• 4. Use secure Wi-Fi
  Using public Wi-Fi makes you vulnerable to hacking. It's best not to use public Wi-Fi at all, especially when banking online. To keep your device safe while using public Wi-Fi, connect to a virtual private network (VPN). In addition, be sure to keep your own Wi-Fi locked to avoid having strangers access it.
• 5. Encrypt your data
  Your phone stores loads of your PII, which can make you vulnerable to identity theft. Protect your information by encrypting all sensitive data on your phone. Most phones have encryption settings, which you can enable easily.
• 6. Install antivirus software on your phone
  The same antivirus programs that protect your laptop can also keep your phone secure. Check out security programs for phones, like McAfee or Norton 360. Antivirus software will provide your phone with protection from security breaches and attacks from scammers.